I have configured my postfix so as users under my server shall send mails through port 587 and port 25 will only be used to receive mails from mail servers.

I am successful to the extent that on connecting to port 25 mails are not allowed outside the mail server and it is being rejected as relay-access denied. whereas on port 587 the clients are able to sent mail to outside mail servers.

if I add this condition, the mails are allowed to be sent outside the network and if I am removing the condition, any one can connect to port 25 and since there is no authentication can sent any number of mails to local recipients.

what is way that I can use sasl authentication on port 25, yet prevent it from relaying mails outside my network.

Basically, the -o means override what is found in main.cf for that port. So you can set up main.cf to accept mail how you want on port 25, then set up port 587 (submission) to only allow sasl auth or whatever.

You want to allow anyone (within reason) to send mail to you on port 25, but allow no relaying through that port. That's what reject_unauth_destination does..

That what I exactly did. submission inet n - - - - smtpd. I at the same time don't want anyone to connect to server without authentication except the mail server, if I am removing the clause "permit_sasl_authenticated" in main.cf, relay is closed, but any one can send spam becoming the sender on my own server to the local recipients. My question is while keeping the "sasl authentication on in main.cf can I still prevent relay for mails on port 25. I am modifying my question to post the actual settings of my main.cf and master.cf
–
JoshiMar 6 '13 at 19:00

quote- you want to allow anyone(within reason). No within reason also I want the users to authenticate. But once I am turning on the authentication,the relay becomes open, which I don't want.
–
JoshiMar 6 '13 at 22:15

You're confused about what relaying is. Relaying is accepting an email to send to another domain NOT hosted on your server. People being able to send email to your users is the entire idea of hosting a mail server, you put things like DKIM, Greylisting, Blacklists and spamassassin, to reduce the amount of "spam" you receive.
–
NickWMar 7 '13 at 9:28